Cybercriminals Leak Millions of Records in “Free Leakmas” Campaign During the Holiday Season

The holiday season is usually a time of joy and celebration, but for cybercriminals, it presented an opportunity to carry out their nefarious activities. In the days leading up to Christmas, a staggering 50 million records containing sensitive personal information were leaked by these threat actors. These leaks, primarily found on the Dark Web, were labeled “Free Leaksmas,” indicating that the criminals were sharing their data as a gesture of mutual gratitude among their ilk.

“Free Leaksmas” campaign on the Dark Web

The Dark Web served as the platform for cybercriminals to exchange and share compromised data during the holiday season. The “Free Leaksmas” campaign demonstrated a peculiar form of camaraderie among these threat actors. It is believed that by sharing their stolen data, they were expressing gratitude towards one another and establishing an environment of trust within their criminal network. As part of the campaign, underground shops offering compromised accounts on online banking and ecommerce platforms even provided substantial discounts, with markdowns reaching up to 40%.

Data dumps from various breaches

Several major data breaches contributed to the “Free Leaksmas” campaign, resulting in significant record leaks. One of the most prominent dumps came from a breach at Peruvian telecom provider Movistar, where a staggering 22 million records containing customer phone numbers and identification numbers were compromised. This breach is concerning as it exposes a vast amount of personal information that could potentially be exploited for various malicious purposes.

In addition to the Movistar breach, other notable Leaksmas datasets emerged from breaches at a Vietnamese fashion retailer and a French company. Both of these breaches yielded millions of records, further fueling concerns about the extent of personal data available to cybercriminals.

Revisiting older incidents

Interestingly, some of the leaked data appeared to originate from older incidents that had resurfaced. One such incident was the rumored breach of the Swedish fintech company Klarna in 2022. It is clear that cybercriminals are not only focused on recent breaches but also revisiting past incidents to exploit any remaining vulnerabilities and retrieve valuable data.

Notable threat actors involved

Several known threat actor groups have been identified as participating in the “Free Leaksmas” campaign. One such group is SeigedSec, a pro-Iranian entity that has previously targeted critical infrastructure and industrial control systems environments in Israel. Their involvement in sharing compromised data during the holiday break raises concerns over potential future attacks on critical systems.

Another group involved in the Leaksmas campaign is the hacktivist alliance known as the “Five Families.” This group claimed responsibility for stealing records from a large Chinese clothing store due to its alleged abusive labor practices and government connections. The motivations behind their actions highlight the intersection between cybercrime and activism.

Discounts and Focus on Stolen Credit Card Data

As digital identity remains a primary focus for cybercriminals, those selling stolen credit card data and related services offer attractive discounts to entice new buyers. Cybercriminals recognize the lucrative nature of stolen credit card information and the potential for financial gain. By offering discounts, they seek to expand their customer base and increase the demand for stolen data.

The “Free Leaksmas” campaign conducted by cybercriminals during the holiday season resulted in a massive influx of leaked personal data. The collaboration and data sharing observed among these threat actors signifies the existence of a robust criminal network. With notable threat actors and the abundance of compromised accounts and credit card information, the importance of data security cannot be stressed enough. As we move forward, it is crucial for individuals and organizations to remain vigilant and implement robust cybersecurity measures to protect against such breaches and safeguard sensitive information.

Explore more

Can Federal Lands Power the Future of AI Infrastructure?

I’m thrilled to sit down with Dominic Jainy, an esteemed IT professional whose deep knowledge of artificial intelligence, machine learning, and blockchain offers a unique perspective on the intersection of technology and federal policy. Today, we’re diving into the US Department of Energy’s ambitious plan to develop a data center at the Savannah River Site in South Carolina. Our conversation

Can Your Mouse Secretly Eavesdrop on Conversations?

In an age where technology permeates every aspect of daily life, the notion that a seemingly harmless device like a computer mouse could pose a privacy threat is startling, raising urgent questions about the security of modern hardware. Picture a high-end optical mouse, designed for precision in gaming or design work, sitting quietly on a desk. What if this device,

Building the Case for EDI in Dynamics 365 Efficiency

In today’s fast-paced business environment, organizations leveraging Microsoft Dynamics 365 Finance & Supply Chain Management (F&SCM) are increasingly faced with the challenge of optimizing their operations to stay competitive, especially when manual processes slow down critical workflows like order processing and invoicing, which can severely impact efficiency. The inefficiencies stemming from outdated methods not only drain resources but also risk

Structured Data Boosts AI Snippets and Search Visibility

In the fast-paced digital arena where search engines are increasingly powered by artificial intelligence, standing out amidst the vast online content is a formidable challenge for any website. AI-driven systems like ChatGPT, Perplexity, and Google AI Mode are redefining how information is retrieved and presented to users, moving beyond traditional keyword searches to dynamic, conversational summaries. At the heart of

How Is Oracle Boosting Cloud Power with AMD and Nvidia?

In an era where artificial intelligence is reshaping industries at an unprecedented pace, the demand for robust cloud infrastructure has never been more critical, and Oracle is stepping up to meet this challenge head-on with strategic alliances that promise to redefine its position in the market. As enterprises increasingly rely on AI-driven solutions for everything from data analytics to generative